bcrypt
bcrypt is a password hashing function designed by Niels Provos and David Mazières, based on the Blowfish cipher. It was initially presented at the 1999 USENIX Security Symposium. Here are some key points about bcrypt:
- Design: bcrypt was designed to be slow, which is an intentional security feature. This slowness helps to prevent brute-force attacks by making it computationally expensive to hash passwords, thus reducing the number of password guesses an attacker can make per second.
- Function: It uses a salt to protect against rainbow table attacks, where precomputed tables of hash values are used to crack password hashes. The salt is generated randomly for each password, making it unique.
- Work Factor: bcrypt includes a work factor (often called cost) that can be adjusted to increase or decrease the computational cost. This allows system administrators to balance security with performance by increasing the work factor as computational power increases, thereby keeping the hashing process slow enough to deter attackers.
- Security: By building on Blowfish, bcrypt inherits the cipher's strong cryptographic properties, but it modifies Blowfish's key setup in a way that makes it suitable for password hashing. Its expensive key-expansion step is one-way: the stored value cannot be reversed to recover the original password, so an attacker is reduced to guessing, and each guess costs a full run of that step.
- Usage: bcrypt has become a standard in password hashing for many systems due to its resistance against attacks that target hash collisions and its ability to be easily tuned for increased security. It's widely used in web applications, databases, and operating systems for securing user passwords.
- Implementation: There are various implementations of bcrypt available in different programming languages. Some notable ones include:
- Limitations: While bcrypt is very secure, it does not support passwords longer than 55 characters due to its design constraints. Also, because its slowness is intentional, it may not be the best choice for environments where passwords must be hashed very quickly.
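The salt, work factor and output described above are all visible in a stored bcrypt string, which uses the modular crypt format `$<variant>$<cost>$<22-char salt><31-char digest>` with bcrypt's own base64 alphabet. The following is an added example, not code from the original page or from any bcrypt project: a standalone parser for that format that decodes the salt and digest, exposes the cost (the key schedule runs 2**cost times), and audits a list of stored hashes against a minimum-cost policy so a defender can find accounts whose hashes should be upgraded at next login. The sample hash strings and the policy value `min_cost=12` are constructed assumptions; the second sample is only a syntactically valid string and is not claimed to be the hash of any particular password.

```python
import re
from dataclasses import dataclass

# bcrypt's base64 alphabet differs from RFC 4648: '.' and '/' come first.
BCRYPT_B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

# Modular crypt format: $<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)


def bcrypt_b64decode(text: str, nbytes: int) -> bytes:
    """Decode bcrypt's base64 variant and keep only the first nbytes bytes.

    22 characters carry 132 bits (16 bytes plus 4 padding bits);
    31 characters carry 186 bits (23 bytes plus 2 padding bits).
    """
    acc = 0
    bits = 0
    out = bytearray()
    for ch in text:
        acc = (acc << 6) | BCRYPT_B64.index(ch)  # ValueError on a bad character
        bits += 6
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    return bytes(out[:nbytes])


@dataclass(frozen=True)
class BcryptHash:
    variant: str   # "2", "2a", "2b", "2x" or "2y"
    cost: int      # work factor: the expensive key schedule runs 2**cost times
    salt: bytes    # 16 bytes, generated randomly per password
    digest: bytes  # 23 bytes of hash output


def parse_bcrypt(hash_str: str) -> BcryptHash:
    """Split a stored bcrypt string into its fields; raise ValueError if malformed."""
    m = BCRYPT_RE.match(hash_str)
    if m is None:
        raise ValueError("not a bcrypt hash string")
    variant, cost_s, salt_s, digest_s = m.groups()
    cost = int(cost_s)
    if not 4 <= cost <= 31:
        raise ValueError(f"cost {cost} is outside the valid range 4..31")
    return BcryptHash(
        variant, cost, bcrypt_b64decode(salt_s, 16), bcrypt_b64decode(digest_s, 23)
    )


def iterations(cost: int) -> int:
    """Rounds of the expensive key schedule for a given cost (doubles per step)."""
    return 1 << cost


def needs_rehash(hash_str: str, min_cost: int = 12) -> bool:
    """True when a stored hash was produced with a work factor below policy."""
    return parse_bcrypt(hash_str).cost < min_cost


def audit_hashes(stored: list[str], min_cost: int = 12) -> dict:
    """Classify stored hashes as ok, weak (cost below policy) or malformed."""
    report = {"ok": [], "weak": [], "malformed": []}
    for i, h in enumerate(stored):
        try:
            parsed = parse_bcrypt(h)
        except ValueError:
            report["malformed"].append(i)
            continue
        (report["weak"] if parsed.cost < min_cost else report["ok"]).append(i)
    return report


# Constructed sample data (not real user records):
#  [0] a syntactically valid $2b$ string with cost 12 and an all-zero salt/digest
#  [1] a syntactically valid $2a$ string with cost 10 (below the assumed policy)
#  [2] a non-bcrypt crypt string that must be reported as malformed
SAMPLE_HASHES = [
    "$2b$12$" + "." * 22 + "." * 31,
    "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy",
    "$1$saltsalt$notabcrypthash",
]

if __name__ == "__main__":
    for h in SAMPLE_HASHES[:2]:
        p = parse_bcrypt(h)
        print(p.variant, p.cost, iterations(p.cost), p.salt.hex())
    print(audit_hashes(SAMPLE_HASHES))
```

This block only inspects stored strings; verifying a password against a hash still requires a real bcrypt implementation (for example `bcrypt.checkpw` from the pyca bcrypt package). A typical deployment runs an audit like `audit_hashes` periodically and rehashes the "weak" entries the next time each user authenticates successfully, which is the moment the plaintext is available.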
For further reading, here are some resources: